CVE-2022-0134

AnyComment < 0.2.18 - Arbitrary HyperComments Import/Revert via CSRF

EPSS 0.6%CWE-352

The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack

Affected products

Unknown · AnyComment

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/fa09ea9b-d5a0-4773-a692-9ff0200bcd85